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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 



- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent tenn adjustment. See 37 CFR 1 .704(b). 

Status 

1 )S Responsive to Gominunication(s) filed on 30 December 2005 . 
2a)n This action is FINAL 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 . 453 O.G. 21 3. 

Disposition of Claims 

4) ^ Claim(s) 1-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. v 

6) KI Claim(s) 1-8. 10-19.22.24-27,29 and 30 is/are reiected, 

7) ^ Claim(s) 1-23 and 28-30 is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)n accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form Wo-1 52. 

Priority under 35 U.S.C. § 1 19 

1 2)n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received In this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Response to Amendment 

1. This communication is in response to applicant's amendment filed December 30, 2005. 
Claims 1-30 are pending. 

Claim Objections 

2. Claims 1-23 and 29-30 are objected to because of the following informaUties: 
With respect to claim 1, in lines 2, 4-6, and 8, the recitation "for receiving" or 

"configurable to" is not a positive limitation but only requires the ability to so perform. 
Therefore, it does not limit a claim to a particular structure or does not limit the scope of a claim 
or claim limitation. 

With respect to claims 8 and 9, in line 2, the recitation "for sampling" is not a positive 
limitation but only requires the ability to so perform. Therefore, it does not limit a claim to a 
particular structure or does not limit the scope of a claim or claim limitation. 

With respect to claim 12, in line 1, "the packet" should be changed to -a packet-. 

With respect to claim 13, in line 5, "the destination address" should be changed to —a 
destination address—. 

With respect to claim 29, in line 1, the acronym "ASIC" should spell out to obviate any . 
confiision that it might create. Further, in lines 2-4 and 6, the recitation "for downloading", "for 
applying", "for accepting" or "for determining" is not a positive limitation but only requires the 
ability to so perform. Therefore, it does not limit a claim to a particular structure or does not 
limit the scope of a claim or claim limitation. 
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With respect to claim 30, in line 2, the recitation "for discarding" is not a positive 
limitation but only requires the ability to so perform. Therefore, it does not limit a claim to a 
particular structure or does not limit the scope of a claim or claim limitation. Further, in line 3, 
the acronym "NOC" should spell out to obviate any confusion that it might create. 

Other pending claims are automatically objected to as they depend upon objected 
independent claims 1 and 29. Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for 
patent or (2) a patent granted on an application for patent by another filed in the United 
States before the invention by the applicant for patent, except that an international 
apphcation filed under the treaty defined in section 351(a) shall have the effects for 
purposes of this subsection of an apphcation filed in the United States only if the 
international application designated the United States and was pubUshed under Article 
21(2) of such treaty in the EngUsh language. 

3. Claims 1, 4-8, 10-11, and 16-19 are rejected under 35 U.S.C. 102(e) as being anticipated 

by Ben Nun et al (US Patent No. 6,831,893 Bl). Hereinafter, referred to as Ben Nun. 

With respect to claim 1, Ben Nun discloses a processing device (Fig. 2) comprising: 
an input interface (col. 5, lines 63-66 and Fig. 2, physical access unit 210 inputs and 

captures data packets traveling upstream from one node to another node of the network) for 

receiving data units containing header information of respective packets; 
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a first module (col. 6, lines 40-42 and Fig. 2, data path unit 230 may sort the data packets 
from the smallest source IP address to the largest source IP address) configurable to perform 
packet filtering based on the received data units; 

a second module (col. 7, lines 9-12 and Fig. 2, header processor 250 classifies the data 
packets by determining which rule or rules of a predetermined set of rales correspond to each of 
the headers HDR) configurable to perform traffic analysis based on the received data units; 

a third module (col. 9, lines 28-33 and Fig. 2, classifier 260 receives information from 
each of the packet processors PPl to PPN indicating the relative load on each of the packet 
processors PPl to PPN. Then, the classifier 260 assigns a new flow to the packet processor PPl, 
PP2, or PPN that has the smallest load) configurable to perform load balancing based on the 
received data xmits; and 

a fourth module (Fig. 2, processors PPl . . .PPN perform routing of the received data 
packets according to destination addresses) configurable to perform route lookups based on the 
received data units^ 

With respect to claim 4, Ben Nun discloses that the header information comprising at 
least one of source IP address, a destination IP address, an IP type, source port, destination port, 
DiffServ byte, an IP Augmentation offset field, an IP fragmentation control field, or a TCP 
control bit (Fig. 1), and wherein the first module is configured to perform packet filtering based 
on the header information (col. 6, lines 40-42 and Fig. 2, data path unit 230 may sort the data 
packets from the smallest source JP address to the largest source IP address). 
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With respect to claim 5, Ben Nun discloses that wherein the first module includes a user- 
configured filter rule (col. 6, lines 31-33, the data path may fiirther determine if the lengths of the 
data packets fall within an acceptable range of lengths. Herein, the acceptable range of lengths is 
the user-configured filter rule). 

With respect to claim 6, Ben Nun discloses that wherein when a packet matches the filter 
rule, the first module is configured to accept the packet (col 10, lines 29-34, the data path 
determines whether or not the packet is valid and error-firee, if the packet is valid and error-firee, 
the data path unit extracts the header and outputs it to the header processor and classifier. 
Herein, the packet is accepted after it determined as vahd and error-firee). 

With respect to claim 7, Ben Nun discloses that the packet filtering performed by the first 
module comprising accepting a packet that is not explicitly rejected based on the fiher rule (col. 
10, Unes 29-34, the data path determines whether or not the packet is valid and error-fi-ee, if the 
packet is valid and error-fi-ee, the data path unit extracts the header and outputs it to the header 
processor and classifier. Herein, the packet is accepted as not explicitly rejected based on filter 
rule, e.g., valid and error-firee). 

With respect to claim 8, Ben Nun discloses that wherein when a packet matches the filter 
rule, the first module is configured to mark the packet for sampling by setting a bit in a packet 
notification (Fig. 3, counter value 330). 
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With respect to claim 10, Ben Nun discloses that the second module being configured to 
write header information associated with the sampled packet to a routing engine of the 
processing device (col. 12, lines 15-17, the header processor 250 output the rule information to 
the data path units 230 and 240). 

With respect to claim 1 1, Ben Nun discloses that the second module being configured to 
monitor all logical interfaces associated with the processing device (Fig. 2, header processor 250 
monitors and processes data packets received via physical access units 210 and 220). 

With respect to claim 16, Ben Nun discloses that processing device comprising a 
loopback interface, wherein the first module is associated with the loopback interface (Fig. 2, 
physical access unit 210 connected to data path 230). 

With respect to claim 17, Ben Nun discloses that the load balancing performed by the 
third module comprising forwarding piackets received firom a designated source port or a 
designated source address to a designated destination port or a designated destination address . 
(col. 8, lines 15-18, the classifier 260 determines the flow to which a data packet belongs based 
on the source and destination IP addresses contained in the header HDR of the data packet). 

With respect to claim 18, Ben Nun discloses that the forwarding of the packets fi-om the 
designated source port or designated source address to the designated destination port or the 
designated destination address maintains an order and a travel path for a TCP session associated 
with the forwarded packets (col. 8, lines 15-18, the classifier 260 determines the flow to which a 
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data packet belongs based on the source and destination IP addresses contained in the header 
HDR of the data packet. Herein, the flow is a TCP/IP flow, as illustrated in Fig. 3, L4 OFS 325). 

With respect to claim 19, Ben Nun discloses that the load balancing performed by the 
third module comprising accepting a packet when the packet is determined to be in-profile (col. 
1 1, lines 23-31, the classifier 260 determines if any of the packet processors PPl to PPN have 
previously been designated to process data packets that belong to the first flow. Since the first 
flow packet processor PPl has been previously designated to process packets corresponding to 
the first flow, the classifier outputs corresponding flow information to the data path unit 230 
indicating that the first upstream data packet should be processed by the processor PPl . Herein, 
in-profile is PPl processes first flow); dropping the packet when the packet is determined to be 
out-of-profile (col. 7, hues 31-36, flow-kill command is outputted to the classifier to inform the 
classifier that the corresponding data packet does not correspond to any of the predetermined 
rules and that there is no need to maintain a process flow for such packets). 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 
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4. Claims 2-3, 12, and 24-26 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ben Nun et al (US Patent No. 6,831,893 Bl) in view of Viswanadham et al (US Pub 
2001/0043614 Al). Hereinafter, referred to as Ben Nun and Viswanadham. 

With respect to claim 2, Ben Nun discloses a network monitoring and classifying system 
(Fig. 2). Ben Nxm does not disclose that the system is implemented as an ASIC. Viswanadham 
discloses an ASIC switch circuit 20 for processing the received data packets (page 2, 32"^ 
paragraph and Fig. 2A). It would have been obvious to one having ordinary skill in the art at the 
time the invention was made to include an implemented ASIC processing device in Ben Nun's 
system, as suggested by Viswanadham, since ASIC offers different chip designs such as low- 
end, niid-range, and high-end chips, to accommodate different speeds, costs, and complexities. 

With respect to claim 3, Ben Nun discloses that wherein the traffic analysis performed by 
the second module includes at least one of sampling, logging, or counting (col. 13, lines 13-16, 
the counter value field 330 may contain data that indicates the number of bytes in the data packet 
365, the number of data packets contained in a given transmission, or the number of erroneous 
data packets contained in a given transmission). 

With respect to claim 12, Ben Nun discloses that wherein the packet performed by the 
second module may be used to determine respective destinations of the packets, a volume of the 
packets and respective contents of the packets (Fig. 3). 
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With respect to claim 24, Ben Nun discloses a method of forwarding data packets using a 
processor (Fig. 2) comprising: 

receving a packet including a header (col. 5, lines 63-66 and Fig. 1-2, physical access xrnit 
210 inputs and captures data packets traveling upstream from one node to another node of the 
network); 

filtering the received packet based on the header to accept or reject the received packet 
(col. 6, lines 31-33 and Fig. 2, data path unit 230 may determine if the lengths of the data packets 
fall within an acceptable range of lengths); 

performing traffic analysis on the accepted packet (col. 7, lines 9-12 and Fig. 2, header 
processor 250 classifies the data packets by determining which rule or rules of a predetermined 
set of rules correspond to each of the headers HDR); 

performing a route lookup and forwarding the accepted packet based on the route lookup 
(Fig. 2, processors PPl . . .PPN perform routing of the received data packets according to 
destination addresses); 

Ben Nun does not disclose that the processor is an ASIC based processor. Viswanadham 
discloses an ASIC switch circuit 20 for processing the received data packets (page 2, 32"^ 
paragraph and Fig. 2A). It would have been obvious to one having ordinary skill in the art at the 
time the invention was made to include an implemented ASIC processing device in Ben Nun's 
system, as suggested by Viswanadham, since ASIC offers different chip designs such as low- 
end, mid-range, and high-end chips, to accommodate different speeds, costs, and complexities. 
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With respect to claim 25, Ben Nim discloses that writing a filter rule into the ASIC based 
processor prior to the filtering the received packet (col. 6, lines 31-33 and Fig. 2, data path unit 
230 may determine if the lengths of the data packets fall within an acceptable range of lengths. 
Herein, the acceptable range of lengths is aheady configured in the processor before applying the 
filtering). 

With respect to claim 26, Ben Nun discloses accepting the received packet when the filter 
rule does not explicitly reject the received packet (col. 6, lines 31-36 and Fig. 2, if the data 
packets are valid and error-fi-ee or the address is within an acceptable range of lengths, the data 
path unit 230 extracts the data packet headers HDR firom the data packets and forwards them to 
the header processors 250 and classifier 260). 

5. Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over Ben Nun et al . 
(US Patent No. 6,831,893 Bl) in view of Shrader (US Patent No, 6,009,475). 

With respect to claim 13, Ben Nun discloses a network monitoring and classifying system 
(Fig. 2). Ben Nim does not disclose that wherein when a packet matches the filter rule, the 
second module is configured to log the packet, a log entry associated with the logged packet 
being accessible for display by using a command-line interface associated with the processing 
device, the log entry including at least one of a log time, an input circuit, a protocol type, a 
source address, or a destination address. Shrader discloses an IP filter validation page for 
logging and displaying logged entries of the filtered packets including at least the source address 
(Fig. 5). It would have been obvious to one having ordinary skill in the art at the time the 
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invention was made to include the IP filter in Ben Nun's system, as suggested by Shrader, to 
monitor, display, and analyze network traffics. 

6. Claim 14 is rejected imder 35 U.S.C. 103(a) as being unpatentable over Ben Nun et al 
(US Patent No. 6,831,893 Bl) and Viswanadham et al (US Pub 2001/0043614 Al) fiirther in 
view of Ushirozawa (US Patent No. 6,704,290). Hereinafter, referred to as Ben Nun, 
Viswanadham, and Ushirozawa. 

With respect to claim 14, Ben Nun discloses a network monitoring and classifying system 
(Fig. 2). Ben Nxm does not disclose that the second module being configured to perform the 
sampling, logging, or counting at a speed of about OC-192c/STM 64. Ushirozawa discloses that 
a high transmission rate signal requires a high-speed counter, e.g., STM-64 signal with the 
transmission rate of 9953.28Mb/s requires a coimter that operates at least 5 GHz (col. 6, lines 46- 
49). It. would have been obvious to one having ordinary skill in the art at the time the invention 
was made to include, a high speed counter in Ben Nun's system, as suggested by Ushirozawa, to 
count the number of change points in a received STM-N signal. 

7. Claim 15 is rejected under 35 U.S.C. 102(e) as being anticipated by Ben Nun et al (US 
Patent No. 6,831,893 Bl). Hereinafter, referred to as Ben Nun. 

With respect to claim 15, Ben Nun discloses a network monitoring and classifying system 
(Fig. 2). Ben Nun does not disclose wherein the packet filtering performed by the first module 
comprises performing source address verification to prevent source address spoofing of a 
network operation center system. However, ingress traffic filtering at the periphery of Intemet 
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connected networks including discarding or dropping packets to reduce source address spoofing 
is well known in the art and further discussions can be found in RFC 2267. Therefore, it would 
have been obvious to one having ordinary skill in the art at the time the invention was made to 
perform source address verification to prevent source address spoofing in Ben Nun's system, to 
protect and secure data transmissions. 

8. Claim 22 is rejected under 35 U.S.C, 102(e) as being anticipated by Ben Nxm et al (US 
Patent No. 6,831,893 Bl) in view of Seamons et al (US Patent No. 6,349,338 Bl). Hereinafter, 
referred to as Ben Nvm and Seamons, 

With respect to claim 22, Ben Nun discloses a network monitoring and classifying system 
(Fig. 2). Ben Nun does not disclose that the load balancing performed by the third module 
comprising assigning respective policing equivalence classes to the packets. Seamons discloses 
a timing diagram showing a sequence of requests and repUes for assigning policing equivalence 
classes to the packets of the clients (Fig. 3). It would have been obvious to one having ordinary 
skill in the art at the time the invention was made to assign packets to different policing classes 
in Ben Nun's system, as suggested by Seamons, to ensure that each packet receives the optimum 
service. 

9. Claim 27 is rejected under 35 U.S.C. 103(a) as being unpateiitable over Ben Nun et al 
(US Patent No. 6,831,893 Bl) and Viswanadham et al (US Pub 2001/0043614 Al) fiuther in 
view of Walker et al (US Patent No. 6,567,379 Bl). Hereinafter, referred to as Ben Nun, 
Viswanadham, and Walker. 
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With respect to claim 27, Ben Nun discloses a network monitoring and classifying system 
(Fig. 2). Ben Nun does not disclose that wherein the traffic analysis comprises randomized 
sampling based on a user-configurable sampling rate. Walker discloses a randomized user 
defined sampling rate (col. 5, lines 43-55). It would have been obvious to one having ordinary 
skill in the art at the time the invention was made to have a randomized user defined sampling 
rate in Ben Nun's system, as suggested by Walker, to avoid the possibility of sampling a 
particular packet address comcident with the packet's periodic arrival time. 

10. Claims 29 and 30 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ben 
Nun et al (US Patent No. 6,831,893 Bl) in view Lakshman et al (US Patent No. 5,951,651). 
Hereinafter, referred to as Ben Nun and Lakshman. 

With respect to claim 29, Ben Nun discloses a filter (Fig. 2) for use in a router, 
comprising: 

means for applying the filter rule to a packet received by the router (col. 6, lines 28-31 
and Fig. 2, data path unit 230 may perform IP and TCP standard checksum operations and IPV4 
operations to verify the validity of an incoming packet); 

means for accepting the packet when the packet is not explicitly rejected by the fiher rule 
(col. 6, lines 33-36 and Fig. 2, if the data packets are valid and error-firee, the data path unit 230 
extracts the data packet headers HDR firom the data packets and forwards them to the header 
processors 250 and classifier 260); and 

mean for determining whether the packet is to be fiirther processed by the router based on 
a result of the applying the filter rule (col. 6, lines 33-36 and Fig. 2, if the data packets are vaUd 
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and error-free, the data path unit 230 extracts the data packet headers HDR from the data packets 
and forwards them to the header processors 250 and classifier 260), the ASIC-based fiher being 
configured to perform independently of other processes being performed by the router (Fig. 2, 
data path unit 230 performs independently of packet processors PPl to PPN). 

Ben Nun does not disclose that the filter is an ASIC filter and means for downloading a 
user-configured filter rule. Lakshman discloses that in an off-line process, one or more 
partitioned sets or window arrays are downloaded into the filter with each partitioned set 
containing all potential filter rules associated with particular packet parameters (col. 2, lines 25- 
30). Further, Lakshman discloses that the algorithm for computing the filters is implemented in 
hardware and may be manufactured in ASIC form (col. 5, lines 65-67). It would have been 
obvious to one having ordinary skill in the art at the time the invention was made to include 
downloading filter rules and implementing an ASIC based filter in Ben Nun's system, as 
suggested by Lakshman, since ASIC offers different chip designs such as low-end, mid-range, 
and high-end chips,' to accommodate different speeds, costs, and complexities and reduce on- 
chip storage for storing a plurality of filter rules. 

With respect to claim 30, Ben Nun and Lakshman have addressed all of the limitations 
recited in independent claim 29. Ben Nun does not disclose means for discarding the packet that 
arrives on an inbound circuit when the packet contains a spoofed NOC source address. 
However, ingress traffic filtering at the periphery of Intemet connected networks including 
discarding or dropping packets to reduce source address spoofing is well known in the art and 
further discussions can be found in RFC 2267. Therefore, it would have been obvious to one 
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having ordinary skill in the art at the time the invention was made to discard spoofed source 
address packets in Ben Nun's system, to protect and secure data transmissions. 

Allowable Subject Matter 

11. Claims 9, 20-21, 23, and 28 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the limitations of 
the base claim and any intervening claims. 

Response to Arguments 

12. Apphcant's arguments with respect to claims 1-30 have been considered but are moot in 
view of the new ground(s) of rejection. 

Conclusion 

13. The prior art made of record and not reUed upon is considered pertinent to applicant's 
disclosure. 

Ferguson, et al "Defeating Denial of Service Attacks which employ IP source address 
spoofing" RFC 2267, January 1998, pages 1-10. 

14. Any inquiry concerning this communication or earlier communications firom the 
examiner should be directed to Anh-Vu H. Ly whose telephone nxmiber is 571-272-3 175. The 
examiner can normally be reached on Monday-Friday 7:00am - 4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Chi Pham can be reached on 571-272-3179. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electrpnic Business Center (EBC) at 866-217-9197 (toll-free). 
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